VPN Protocols
=============

This section introduces key VPN protocols responsible for secure and private communication over untrusted or public networks. VPN protocols encapsulate and encrypt traffic to maintain confidentiality, integrity, and access control.

.. toctree::
   :maxdepth: 1
   :hidden:
   :includehidden:

   VPN/PPTP
   VPN/IPsec
   VPN/L2TP
   VPN/OpenVPN_1.0
   VPN/SSL_VPN
   VPN/IKEv2
   VPN/WireGuard
   VPN/Lightway
   VPN/OpenVPN_2.5+

.. list-table::
   :widths: 20 60 20
   :header-rows: 1

   * - Protocol
     - Description
     - Use Case
   * - PPTP (Point-to-Point Tunneling Protocol)
     - Legacy VPN protocol using GRE tunneling and MS-CHAPv2. *Fast but considered insecure.*
     - Legacy Windows support
   * - IPsec (Internet Protocol Security)
     - VPN protocol suite at Layer 3 supporting encryption, authentication, and key exchange. *Supports tunnel and transport mode.*
     - Site-to-site and remote-access VPNs
   * - L2TP (Layer 2 Tunneling Protocol)
     - Layer 2 tunneling protocol usually paired with IPsec. *Encapsulates PPP frames.*
     - Remote VPN access with IPsec
   * - OpenVPN 1.0
     - Open-source VPN using SSL/TLS. *Highly configurable and widely adopted.*
     - Cross-platform secure VPN deployment
   * - SSL VPN
     - TLS-based VPN access via browser or lightweight clients. *Clientless and easy to deploy.*
     - Web-based access to internal apps
   * - IKEv2 (Internet Key Exchange v2)
     - Protocol used with IPsec for key exchange and security associations. *Fast reconnection and mobile-friendly.*
     - Mobile VPNs with always-on behavior
   * - WireGuard
     - Modern, lightweight VPN protocol using strong cryptography. *Simple configuration, very fast.*
     - Personal and enterprise secure VPN
   * - Lightway
     - ExpressVPN’s proprietary protocol. *Designed for speed and mobile optimization.*
     - Consumer-grade fast VPN access
   * - OpenVPN 2.5+
     - Enhanced OpenVPN with improved performance and TLS 1.3 support. *Updated cipher suites and better threading.*
     - Enterprise VPNs with open-source control

.. tab-set::

   .. tab-item:: PPTP (Point-to-Point Tunneling Protocol)

      **RFC:** RFC 2637

      **Main Features:**

      - Encapsulates PPP over GRE
      - Fast setup and lightweight
      - Weak encryption (MS-CHAPv2)

      **Use Cases:**

      - Legacy Windows compatibility
      - Non-sensitive connections

      **Alternative Protocols:**

      - L2TP/IPsec – Stronger encryption
      - OpenVPN – Open-source and modern

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2

   **Let us learn more about PPTP:**

   * :ref:`Learnings in this section `
   * :ref:`Terminology `
   * :ref:`Version Info `
   * :ref:`PPTP Version&RFC Details `
   * :ref:`PPTP Basic Setup on Ubuntu using IPv4 `
   * :ref:`PPTP Basic Setup on Ubuntu using IPv6 `
   * :ref:`PPTP Protocol Packet Details `
   * :ref:`PPTP Usecases `
   * :ref:`PPTP Basic Features `
   * :ref:`PPTP Feature : Tunneling Protocol `
   * :ref:`PPTP Feature : VPN Support `
   * :ref:`PPTP Feature : Authentication `
   * :ref:`PPTP Feature : Encryption `
   * :ref:`PPTP Feature : Session Management `
   * :ref:`PPTP Feature : GRE Encapsulation `
   * :ref:`PPTP Feature : IP Address Assignment `
   * :ref:`PPTP Feature : Compression Support `
   * :ref:`PPTP Feature : NAT Traversal `
   * :ref:`PPTP Feature : Lightweight Implementation `
   * :ref:`Reference links `

.. button-link:: ./VPN/PPTP.html
   :color: primary
   :shadow:
   :expand:

   Jump to "PPTP"

.. tab-set::

   .. tab-item:: IPsec (Internet Protocol Security)

      **RFC:** RFC 4301

      **Main Features:**

      - Provides encryption, integrity, and authentication
      - Works in transport or tunnel mode
      - Core protocols: AH, ESP, IKE

      **Use Cases:**

      - Remote access VPNs
      - Site-to-site encrypted tunnels

      **Alternative Protocols:**

      - WireGuard – Simpler, newer
      - SSL VPN – For application-layer VPN

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2

   **Let us learn more about IPsec:**

   * :ref:`Learnings in this section `
   * :ref:`Terminology `
   * :ref:`Version Info `
   * :ref:`IPsec Version&RFC Details `
   * :ref:`IPsec Basic Setup on Ubuntu using IPv4 `
   * :ref:`IPsec Basic Setup on Ubuntu using IPv6 `
   * :ref:`IPsec Protocol Packet Details `
   * :ref:`IPsec Usecases `
   * :ref:`IPsec Basic Features `
   * :ref:`IPsec Feature : Encryption `
   * :ref:`IPsec Feature : Authentication `
   * :ref:`IPsec Feature : Integrity Checking `
   * :ref:`IPsec Feature : Tunneling and Transport Modes `
   * :ref:`IPsec Feature : Key Exchange (IKE/IKEv2) `
   * :ref:`IPsec Feature : Security Associations (SAs) `
   * :ref:`IPsec Feature : Protocol Support (ESP & AH) `
   * :ref:`IPsec Feature : NAT Traversal `
   * :ref:`IPsec Feature : Replay Protection `
   * :ref:`IPsec Feature : Flexible Algorithm Support `
   * :ref:`Reference links `

.. button-link:: ./VPN/IPsec.html
   :color: primary
   :shadow:
   :expand:

   Jump to "IPsec"

.. tab-set::

   .. tab-item:: L2TP (Layer 2 Tunneling Protocol)

      **RFC:** RFC 2661

      **Main Features:**

      - Tunnels PPP traffic
      - No encryption by itself
      - Commonly paired with IPsec

      **Use Cases:**

      - Remote user VPN access
      - Windows/macOS native clients

      **Alternative Protocols:**

      - OpenVPN – More flexible
      - SSL VPN – No client needed

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2

   **Let us learn more about L2TP:**

   * :ref:`Learnings in this section `
   * :ref:`Terminology `
   * :ref:`Version Info `
   * :ref:`L2TP Version&RFC Details `
   * :ref:`L2TP Basic Setup on Ubuntu using IPv4 `
   * :ref:`L2TP Basic Setup on Ubuntu using IPv6 `
   * :ref:`L2TP Protocol Packet Details `
   * :ref:`L2TP Usecases `
   * :ref:`L2TP Basic Features `
   * :ref:`L2TP Feature : Tunneling `
   * :ref:`L2TP Feature : Session Multiplexing `
   * :ref:`L2TP Feature : Control and Data Separation `
   * :ref:`L2TP Feature : Protocol Independence `
   * :ref:`L2TP Feature : UDP-Based Transport `
   * :ref:`L2TP Feature : No Native Encryption `
   * :ref:`L2TP Feature : AVP-Based Control Messages `
   * :ref:`L2TP Feature : Reliable Control Messaging `
   * :ref:`L2TP Feature : Tunnel and Session IDs `
   * :ref:`L2TP Feature : Extensibility (L2TPv3) `
   * :ref:`Reference links `

.. button-link:: ./VPN/L2TP.html
   :color: primary
   :shadow:
   :expand:

   Jump to "L2TP"

.. tab-set::

   .. tab-item:: OpenVPN 1.0

      **RFC:** N/A

      **Main Features:**

      - Uses SSL/TLS for encryption
      - Cross-platform and open source
      - Supports TCP or UDP transport

      **Use Cases:**

      - Secure VPN for desktops and servers
      - Privacy-focused VPNs

      **Alternative Protocols:**

      - WireGuard – Faster setup and lighter
      - IPsec – Integrated into OS

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2

   **Let us learn more about OpenVPN 1.0:**

   * :ref:`Learnings in this section `
   * :ref:`Terminology `
   * :ref:`Version Info `
   * :ref:`OpenVPN 1.0 Version&RFC Details `
   * :ref:`OpenVPN 1.0 Basic Setup on Ubuntu using IPv4 `
   * :ref:`OpenVPN 1.0 Basic Setup on Ubuntu using IPv6 `
   * :ref:`OpenVPN 1.0 Protocol Packet Details `
   * :ref:`OpenVPN 1.0 Usecases `
   * :ref:`OpenVPN 1.0 Basic Features `
   * :ref:`OpenVPN 1.0 Feature : SSL/TLS Tunneling `
   * :ref:`OpenVPN 1.0 Feature : Static Key Encryption `
   * :ref:`OpenVPN 1.0 Feature : Point-to-Point Mode `
   * :ref:`OpenVPN 1.0 Feature : TUN/TAP Interface Support `
   * :ref:`OpenVPN 1.0 Feature : Cross-Platform Compatibility `
   * :ref:`OpenVPN 1.0 Feature : Portability `
   * :ref:`OpenVPN 1.0 Feature : Basic Configuration Files `
   * :ref:`OpenVPN 1.0 Feature : No Compression `
   * :ref:`OpenVPN 1.0 Feature : No Client-Server Mode `
   * :ref:`OpenVPN 1.0 Feature : OpenSSL Integration `
   * :ref:`Reference links `

.. button-link:: ./VPN/OpenVPN_1.0.html
   :color: primary
   :shadow:
   :expand:

   Jump to "OpenVPN 1.0"

.. tab-set::

   .. tab-item:: WireGuard

      **RFC:** RFC 8999

      **Main Features:**

      - Small codebase
      - Uses modern crypto (ChaCha20, Curve25519)
      - Stateless and fast

      **Use Cases:**

      - Lightweight VPN for mobile/IoT
      - High-performance remote access

      **Alternative Protocols:**

      - OpenVPN – Flexible but heavier
      - IPsec – Standardized and proven

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2

   **Let us learn more about WireGuard:**

   * :ref:`Learnings in this section `
   * :ref:`Terminology `
   * :ref:`Version Info `
   * :ref:`WireGuard Version&RFC Details `
   * :ref:`WireGuard Basic Setup on Ubuntu using IPv4 `
   * :ref:`WireGuard Basic Setup on Ubuntu using IPv6 `
   * :ref:`WireGuard Protocol Packet Details `
   * :ref:`WireGuard Usecases `
   * :ref:`WireGuard Basic Features `
   * :ref:`WireGuard Feature : Modern Cryptography `
   * :ref:`WireGuard Feature : Simplicity `
   * :ref:`WireGuard Feature : High Performance `
   * :ref:`WireGuard Feature : Stateless Design `
   * :ref:`WireGuard Feature : UDP-Based Transport `
   * :ref:`WireGuard Feature : IP Layer Tunneling `
   * :ref:`WireGuard Feature : Key-Based Authentication `
   * :ref:`WireGuard Feature : Roaming Support `
   * :ref:`WireGuard Feature : Cross-Platform Compatibility `
   * :ref:`WireGuard Feature : Easy Configuration `
   * :ref:`Reference links `

.. button-link:: ./VPN/WireGuard.html
   :color: primary
   :shadow:
   :expand:

   Jump to "WireGuard"

.. tab-set::

   .. tab-item:: SSL VPN

      **RFC:** N/A (uses TLS – RFC 5246)

      **Main Features:**

      - Web-based access via HTTPS
      - No dedicated VPN client needed
      - Works through firewalls/NAT easily

      **Use Cases:**

      - Access to internal web apps
      - Quick and clientless remote access

      **Alternative Protocols:**

      - OpenVPN – More customizable
      - IPsec – Better for full network tunneling

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2

   **Let us learn more about SSL VPN:**

   * :ref:`Learnings in this section `
   * :ref:`Terminology `
   * :ref:`Version Info `
   * :ref:`SSL VPN Version&RFC Details `
   * :ref:`SSL VPN Basic Setup on Ubuntu using IPv4 `
   * :ref:`SSL VPN Basic Setup on Ubuntu using IPv6 `
   * :ref:`SSL VPN Protocol Packet Details `
   * :ref:`SSL VPN Usecases `
   * :ref:`SSL VPN Basic Features `
   * :ref:`SSL VPN Feature : Encrypted Communication `
   * :ref:`SSL VPN Feature : User Authentication `
   * :ref:`SSL VPN Feature : Access Control `
   * :ref:`SSL VPN Feature : Application-Level Access `
   * :ref:`SSL VPN Feature : Web-Based Access `
   * :ref:`SSL VPN Feature : Session Management `
   * :ref:`SSL VPN Feature : Endpoint Security Checks `
   * :ref:`SSL VPN Feature : Logging and Auditing `
   * :ref:`SSL VPN Feature : Split Tunneling `
   * :ref:`SSL VPN Feature : High Availability & Failover `
   * :ref:`Reference links `

.. button-link:: ./VPN/SSL_VPN.html
   :color: primary
   :shadow:
   :expand:

   Jump to "SSL VPN"

.. tab-set::

   .. tab-item:: IKEv2 (Internet Key Exchange v2)

      **RFC:** RFC 7296

      **Main Features:**

      - Key management for IPsec
      - Supports MOBIKE (mobility + multihoming)
      - Resilient on mobile networks

      **Use Cases:**

      - Always-on VPNs
      - Enterprise mobile devices

      **Alternative Protocols:**

      - IKEv1 – Older and less efficient
      - WireGuard – Simpler and lighter

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2

   **Let us learn more about IKEv2:**

   * :ref:`Learnings in this section `
   * :ref:`Terminology `
   * :ref:`Version Info `
   * :ref:`IKEv2 Version&RFC Details `
   * :ref:`IKEv2 Basic Setup on Ubuntu using IPv4 `
   * :ref:`IKEv2 Basic Setup on Ubuntu using IPv6 `
   * :ref:`IKEv2 Protocol Packet Details `
   * :ref:`IKEv2 Usecases `
   * :ref:`IKEv2 Basic Features `
   * :ref:`IKEv2 Feature : Secure Key Exchange `
   * :ref:`IKEv2 Feature : Authentication `
   * :ref:`IKEv2 Feature : Security Associations (SAs) `
   * :ref:`IKEv2 Feature : Mobility and Multihoming (MOBIKE) `
   * :ref:`IKEv2 Feature : Session Resumption `
   * :ref:`IKEv2 Feature : Message Fragmentation `
   * :ref:`IKEv2 Feature : Traffic Selectors `
   * :ref:`IKEv2 Feature : Encryption Agility `
   * :ref:`IKEv2 Feature : Post-Quantum Readiness `
   * :ref:`IKEv2 Feature : Extensibility via Payloads `
   * :ref:`Reference links `

.. button-link:: ./VPN/IKEv2.html
   :color: primary
   :shadow:
   :expand:

   Jump to "IKEv2"

.. tab-set::

   .. tab-item:: Lightway

      **RFC:** Proprietary (by ExpressVPN)

      **Main Features:**

      - Fast and lightweight
      - Designed for mobile devices
      - Uses wolfSSL library for encryption

      **Use Cases:**

      - Fast reconnection on mobile
      - Consumer VPN apps (e.g., ExpressVPN)

      **Alternative Protocols:**

      - WireGuard – Open-source alternative
      - OpenVPN – More robust configuration options

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2

   **Let us learn more about Lightway:**

   * :ref:`Learnings in this section `
   * :ref:`Terminology `
   * :ref:`Version Info `
   * :ref:`Lightway Version&RFC Details `
   * :ref:`Lightway Basic Setup on Ubuntu using IPv4 `
   * :ref:`Lightway Basic Setup on Ubuntu using IPv6 `
   * :ref:`Lightway Protocol Packet Details `
   * :ref:`Lightway Usecases `
   * :ref:`Lightway Basic Features `
   * :ref:`Lightway Feature : Lightweight Design `
   * :ref:`Lightway Feature : Fast Connection & Reconnect `
   * :ref:`Lightway Feature : Modern Cryptography `
   * :ref:`Lightway Feature : Cross-Platform Support `
   * :ref:`Lightway Feature : Battery Efficiency `
   * :ref:`Lightway Feature : Session Persistence `
   * :ref:`Lightway Feature : Minimal Attack Surface `
   * :ref:`Lightway Feature : Open Source Transparency `
   * :ref:`Lightway Feature : Rust Implementation (v2+) `
   * :ref:`Lightway Feature : Future-Ready Architecture `
   * :ref:`Reference links `

.. button-link:: ./VPN/Lightway.html
   :color: primary
   :shadow:
   :expand:

   Jump to "Lightway"

.. tab-set::

   .. tab-item:: OpenVPN 2.5+

      **RFC:** N/A

      **Main Features:**

      - TLS 1.3 support
      - Better multi-threading, IPv6 handling
      - Support for AES-GCM and ChaCha20

      **Use Cases:**

      - Secure and scalable VPN
      - Enterprise and personal VPN solutions

      **Alternative Protocols:**

      - WireGuard – Lightweight, simpler to configure
      - IKEv2 – Optimized for mobile and always-on use

.. panels::
   :container: container pb-4
   :column: col-lg-12 p-2

   **Let us learn more about OpenVPN 2.5+:**

   * :ref:`Learnings in this section `
   * :ref:`Terminology `
   * :ref:`Version Info `
   * :ref:`OpenVPN 2.5+ Version&RFC Details `
   * :ref:`OpenVPN 2.5+ Basic Setup on Ubuntu using IPv4 `
   * :ref:`OpenVPN 2.5+ Basic Setup on Ubuntu using IPv6 `
   * :ref:`OpenVPN 2.5+ Protocol Packet Details `
   * :ref:`OpenVPN 2.5+ Usecases `
   * :ref:`OpenVPN 2.5+ Basic Features `
   * :ref:`OpenVPN 2.5+ Feature : Secure Tunneling `
   * :ref:`OpenVPN 2.5+ Feature : Protocol Flexibility `
   * :ref:`OpenVPN 2.5+ Feature : TLS Cryptography `
   * :ref:`OpenVPN 2.5+ Feature : Cipher Negotiation `
   * :ref:`OpenVPN 2.5+ Feature : Authentication Options `
   * :ref:`OpenVPN 2.5+ Feature : Asynchronous Authentication `
   * :ref:`OpenVPN 2.5+ Feature : Client Configuration Push `
   * :ref:`OpenVPN 2.5+ Feature : IPv6 Support `
   * :ref:`OpenVPN 2.5+ Feature : Compression (Deprecated) `
   * :ref:`OpenVPN 2.5+ Feature : High Availability `
   * :ref:`Reference links `

.. button-link:: ./VPN/OpenVPN_2.5+.html
   :color: primary
   :shadow:
   :expand:

   Jump to "OpenVPN 2.5+"